Join cybersecurity visionary Vivek Ramachandran as he shares his transformative journey from developer to researcher to CEO of SquareX, offering dynamic solutions to fortify web browsing security. Discover the innovative defense mechanisms and proactive measures reshaping the cybersecurity landscape in this thought-provoking conversation.
Vivek Ramachandran, a cybersecurity luminary with over two decades of experience, embarked on a transformative journey from developer to esteemed security researcher. His relentless pursuit of innovation led to the creation of SquareX, a pioneering cybersecurity company redefining secure web browsing.
Vivek's journey epitomizes a shift towards innovative and proactive cybersecurity measures. With a keen eye for detecting vulnerabilities and a passion for safeguarding corporate assets, he envisioned a solution that transcends traditional security paradigms. SquareX stands as a testament to Vivek's commitment to fortifying online defenses against sophisticated cyber threats.
By providing real-time attack detection and comprehensive insights, SquareX empowers organizations to fortify their web browsing environment effectively. Vivek's team's innovations address the critical gap in existing security measures, offering a holistic approach to threat mitigation. With a focus on user-centric protection and robust defense mechanisms, SquareX champions a new era of cybersecurity resilience. Vivek's visionary leadership positions SquareX as a trailblazer in secure browsing solutions.
As SquareX continues to make strides in the cybersecurity arena, Vivek's story serves as an inspiration for budding innovators and security enthusiasts while providing much-needed confidence for business and security leaders looking to protect their business assets.
Learn more about SquareX: https://itspm.ag/sqrx-l91
Note: This story contains promotional content. Learn more.
Guest: Vivek Ramachandran, Founder, SquareX [@getsquarex]
On LinkedIn | https://www.linkedin.com/in/vivekramachandran/
Resources
Learn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarex
View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Leading the Charge to Fortify Web Browsing Security | A Brand Story Conversation From RSA Conference 2024 | A SquareX Story with Vivek Ramachandran | On Location Coverage with Sean Martin and Marco Ciappelli
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
[00:00:00]
Sean Martin: Marco.
Marco Ciappelli: Sean,
Sean Martin: how's your connection?
Marco Ciappelli: Connection is great. I'm on a browser. ,
Sean Martin: is it, is it traveling, uh, under sea or across, over to, uh, I don't know, Singapore, maybe this line
Marco Ciappelli: that's direct connection with Singapore. I always have a direct connection with Singapore. Wish I had.
Sean Martin: It's a great place to say . It's a great place. It, it's been too long since we've, we've been in Singapore, but uh, we get to meet new friends. From Singapore who, uh, do some really cool things,
Marco Ciappelli: you know, and this time they're coming to visit us.
Sean Martin: They're going to come visit us. I don't know if they're coming to visit us, but
Marco Ciappelli: they're going to come this, uh, this side of the world.
Sean Martin: That's right. That's right. Now we're, we're talking about the team at Square X and more specifically, we have Vivek Ramachandran on. How are you, Vivek?
Vivek Ramachandran: Doing great, uh, Sean Margo. Thanks so much for having me on the show. It's an honor and privilege.
Sean Martin: We're excited for [00:01:00] this conversation. We're, if you haven't figured it out, those listening and watching, uh, we're on the road to RSA conference. This is part of our coverage and, uh, we get to have a chat with, uh, with Vivek to hear all about what he's up to and what the team is up to. What you might experience if you happen to stop by their booth at the RSA conference.
So, um, before we get into all the fun stuff you're working on, maybe a little bit about some of your journey leading you to Squarex. I know you've, you've been an innovator, I've done a lot of things. Maybe I highlight some of the, some of your accomplishments and milestones over the years.
Vivek Ramachandran: Yeah, absolutely.
So Sean, I've been in cybersecurity now for 20 years running. Uh, started off as a developer, but very quickly figured out that I enjoyed breaking systems more than making them. And, uh, you know, I think three years into a developer job, I used to work at Cisco systems. I decided to go full time, you know, [00:02:00] into security research.
Uh, I was lucky to work with, you know, one of the pioneers in wireless security airtight networks, and that was the place where I discovered a bunch of new attacks, you know, cafe latte and whatnot. Uh, and then I got so hooked to it that I just decided to, you know, start a security research and a training company.
And, uh, you know, started off as security tube. net became security tube training, you know, eventually pen tested Academy. And, uh, you know, Pentester Academy, I kind of grew it almost for seven to 10 years. We had, you know, Fortune 500 customers, government agencies and whom not. And eventually that company got acquired, uh, by Providence Equity who are doing a roll up strategy with INE.
And during that time, I also built a Wi Fi monitoring product, uh, which I sold to government agencies exclusively. So, you know, during that time, you know, spend so much time with red teamers, understanding attacks, helping them build attacks to demonstrate internally, [00:03:00] uh, that post that I thought I'd probably take a break.
You know, everybody at home was like, Hey, you know, enough of long hours, you know, once an entrepreneur and researcher, I guess, uh, you know, it's, it's just wired into you forever. Uh, yeah, suppose that, you know, one thing after the other started Square Enix and, you know, now we are here.
Marco Ciappelli: So I get in, in my head, how you started building things, then breaking things, then realize maybe it was too easy to break things and you wanted to figure out a way to protect Sting from getting broken.
So it's kind of like you find the next easy thing to break and you try to make it. a little bit better. Is that is that what's in your head? Is that how you think?
Vivek Ramachandran: Absolutely. Absolutely. I think so. You know, I've always been behind challenges. And I think at one point, you know, breaking into systems, breaking technologies was a very big, interesting challenge, which I did like over a decade.
And then I quickly realized, you know, what, actually the [00:04:00] defender's job is really way more difficult, you know, because the attacker only has to win once the defender has to win always. Right. So, so mathematically, really, if you went on the defender's side and started building products, Uh, that is a way steeper curve and a way more difficult challenge.
So I said, okay, you know, why not, uh, just change my hat, you know, black to white, to blue, you know, whatever you want to call it and, and then try to see how it feels on the other side.
Sean Martin: You're, you're hacking hats now. I love it. So where does this spirit of innovation come from and what, um, what led you? I'm sure it's based on experience and conversations and things like that.
But how, how did the innovation for SquareX come?
Vivek Ramachandran: Yeah, no, that's a great question, Sean. So I think, you know, when I was doing Pentester Academy, we primarily were doing red team training. And at that [00:05:00] time, we used to have a lot of these teams come to us and say, look, we use endpoint security. You know, we use SASE, SSE, SWGs, uh, and I still feel like, you know, we are wide open to attacks.
Vivek, could you help us, you know, show demonstrations within the company so that, you know, we could have our, you know, CISOs and, you know, management go ahead and invest in more. You know, people process security, some combination of that. So it was that time that I, I suddenly saw that when you look at web browsing, you know, for enterprise users Uh, I felt like the security products which were around at that point weren't really good enough and it was it was really quite trivial To go ahead and you know attack enterprise users So I started looking at it and I said, okay, is there a way to protect?
And that is really where kind of the inquisitiveness and the research aspect began. And, you know, after selling the company and exiting the acquire, uh, I spent a good amount of time with a very small team, just looking at the problem, trying to see if [00:06:00] this was even solvable. And when I felt we had made reasonable progress, that was the time I, you know, incorporated the company, you know, raised, uh, you know, funding from Sequoia capital Southeast Asia.
And again, you know, here we are.
Sean Martin: Well, it's good to, uh, good, good to validate what you're looking at. Um, of course. That, that helps certainly not just raise funds, but actually acquire customers. And then ultimately the outcome helped them, right? If, if you have the good input from them, what, what were some of the challenges?
Like you kind of touched on the, the, the threat aspect of it. They, they deployed a lot of stuff yet still felt exposed. Um, was it really tech oriented, the challenge or were there other parts, maybe kind of paint that picture for us? What, what teams are struggling with mostly?
Vivek Ramachandran: Yeah. So I think, you know, what's been happening is over the last few years, if you look at, you know, [00:07:00] enterprise secure browsing.
Primarily people have depended on, you know, secure web gateways, which have been part of SASE and SSE and really secure web gateways. You know, Polyana initialized is, uh, basically a cloud proxy, which does SSL interception. And when that happens, it starts to look at that traffic and see if there are any attacks probably happening against end users.
Now, if, if we look at it, it almost sounds, I mean, at least in my humble view, counterintuitive because you are looking at network traffic and you're trying to infer application layer attacks. So we can already see the huge gap between, you know, what you're analyzing and what you're trying to detect. Now, you know, that was also a time when there was a huge push for cloud security and, you know, the cloud scrubbing all your data, malware, everything over there.
So I guess everybody just went with it and cloud security is great for a lot of problems. Uh, but what we figured [00:08:00] was when it comes to protecting end users online, JavaScript traffic, Uh, it is just not possible to infer, you know, many application attacks. And now with attackers getting more and more sophisticated.
And the bar for writing code has substantially come down with, you know, code, LLMs, chat, GPT and whatnot. Uh, we, we've started fencing that, hey, you know, there's, there's going to be a bunch of very big attacks and unfortunately existing solutions aren't equipped. On the other front, you know, people have also relied on endpoint security, right?
So it's either the cloud guys or the endpoint guys. Uh, and, and Sean Marco, what's unfortunate. Is endpoint security solutions primarily look at file and process? To decide if something is an attack and they have absolutely zero visibility into what is really happening in the browser. So, you know, an endpoint security solution, [00:09:00] if one of your users was targeted on LinkedIn, you know, with a message and a malicious file, and he ends up downloading it, what endpoint security just tells you is, Hey, Chrome was used to download a file.
That's it. Now, you absolutely have no clue, and we all know what happens when you finally go to the employee and say, Hey, this malicious file, where do you get it from, right? People don't remember or, you know, even if they do, they flat out deny. So these were all the challenges where we felt like, you know, attack.
I think the whole attribution of how an attack happened against one of your enterprise user online. Uh, that is currently almost impossible to do. And that is a very big challenge that enterprises face.
Marco Ciappelli: It's almost hard to believe that we haven't thought about that earlier. Cause I'm thinking a metaphor to say, you know, usually said, Oh, you know, the cars, security, one thing or another.
[00:10:00] And the only thing that come in my mind is the browser. It kept coming back in my mind. The browser, that's where everything happened. That's the way you get social engineer. That's where you get access to your email. It's, uh, yeah. Sometimes you have to look at the things that are more obvious, I guess, and we don't.
Vivek Ramachandran: Exactly. And, and Marco, my, my hypothesis there is what happened is, in between, there was such a massive push to the cloud. That people just stopped thinking about things running on the end point and felt like, you know what, the crowd is going to do its job. We're going to filter everything that goes in and out from these end points.
And that is good enough. Uh, absolutely forgetting that there are entire attacks which can just live and die within the browser. I mean, you don't need to now download a piece of malware which steals credentials by installing on the host. You could just end up installing, you know, one of these chat GPT extensions, and that can just steal all your credentials right there [00:11:00] in the browser as you interact with websites.
And, you know, this is something endpoint security, you know, the SWGs absolutely won't have any inkling about.
Sean Martin: And let's, uh, let's not forget that even if it looks like an app sitting on the desk, the endpoint could very well be a very small client that's hosting a browser. It's basically just a browser wrapped in a client.
And, uh, and. Peace. And so all the same things are fair game in those environments as well.
Vivek Ramachandran: Absolutely. And you're absolutely right. Because what's been happening is everything has just become a thin client to a backend web API, right? So progressive web apps, uh, you know, when you install them, seems like a local application, but really all it is doing is talking over APIs to the backend.
Uh, and literally everything is webified now, right? Like, you know, with, with SAS and all of that, [00:12:00] uh, I actually, apart from the browser and maybe outlook. I don't remember any other application that people use on an ongoing basis, which is probably installed on the computer.
Marco Ciappelli: Interesting. So let's go to what is about to happen.
So we're telling a story now, which is pre event. Well, I'm going to unveil that we will tell another story when, when we're there, we're going to sit down with you. Actually, Sean is going to do that on Broadcast Alley. So we're going to get maybe a little bit deeper Into this conversation. So what I want, I want to use this for is to first of all, invite people to come and visit Square X at the booth.
And so a little teaser on what people can do there, who they're going to find. I know you're coming with the team and you have a place, a booth. Um, so how, how are you going to welcome everybody interested in learning what you guys do?
Vivek Ramachandran: Yeah, absolutely. I mean, we're going to welcome [00:13:00] everybody with open arms.
You know, the, the whole team is flying down. We couldn't be more excited. So we've been working very, very hard for the last one and a half years on solving this problem. Uh, you know, many challenges, you know, the browser itself was never meant to carry a security product. So a lot of tribal knowledge and all of that gained along the way.
And at the booth, Marco, what we plan to do is allow people to come in, test, drive the product live. So, you know, this isn't going to be just a dummy enterprise portal where you just make a few clicks, you know, no stage data, we will literally give you a laptop, you know, allow you to simulate attacks and we will show you live how SquareX is able to detect all of that and, you know, show you all of those insights, attack graphs and whatnot.
Uh, apart from that, I guess, you know, for CISOs or heads of security. Who love what they see at the booth and would want to sign up for a pilot. Uh, you know, we can immediately sign you up right [00:14:00] there and, and post call and post RSA, you know, sit down with you, run your broader teams through, you know, how we could go about the process.
So yeah, I mean, super excited, uh, to get to interact with the whole industry at RSA.
Sean Martin: Yeah. And, uh, what, what's the booth number, Vivek? Oh yeah.
Vivek Ramachandran: I forgot the most important piece of information.
Sean Martin: I
Vivek Ramachandran: mean, yeah, RSA isn't a place you want to wander around searching for square X, right? Uh, yeah. So we are booth three, three, six, uh, Moscow and center South.
And, uh, yeah, you should be able to reach us. And, uh, yeah, if you want to set up a time, we're going to be posting, you know, a link on all of our social media channels. Uh, later today and you can even book an appointment or you could just, uh, you know, walk in whenever you get time.
Sean Martin: Perfect. Perfect. And, uh, of course, we'll include links to your site and, uh, and links to your directory page.
So everybody can grab those links where you'll be and watch and listen to all [00:15:00] of all the stories that we share from you as well. Um, I'm excited that for our deeper conversation, Marco. Marco, stop me. You could tell I was going to, I was going to head down and get into all the fun nitty gritty stuff. Um, that's for you to do with people on the show floor.
Uh, they need to come see you. And at the end of the day, was it a Wednesday, 4. 30 local time there. You and I get to sit down and broadcast Allie in Moscone North at the entrance to Expo Hall there at just the bottom of the escalators. So if people want to come by and, uh, and say hi and wave at us and, and here, we have to talk about, uh, while we're doing it, I would encourage everybody to do that and, and of course.
The main thing is to meet the deck in person there as well. So, uh, we're going to get in, you know, Sean,
Marco Ciappelli: I'm going to give you one more question. How about that? I know, I know you'll love that. I want to change the game here. Go for it.
Sean Martin: All right. [00:16:00] Um, I think we'll cover more of this. Let's tease when we, when we talk next time, but let's tease one scenario in one sector that you think is worth highlighting now where.
Teams are struggling with this and Square X can really produce a nice outcome for them.
Vivek Ramachandran: Yeah. Uh, and I could, I could give you a very simple case study in the sense that, you know, so people can visualize the attack itself. Uh, and this is something, you know, we, we recently helped someone with. So imagine that, you know, you have a big sales team and sales teams are always hunting for, you know, more prospects.
Uh, but now an attacker ends up sending an attachment, you know, on LinkedIn, direct messages to a bunch of your sales guys saying, Hey, open up the document. And, you know, this has all the details about, you know, what we need. Now, can you imagine a single sales guy in the whole world who wouldn't enthusiastically just download it [00:17:00] and try to open it up?
Right. And this, this happened and, uh, you know, they were lucky that endpoint security was able to figure out that there was something malicious. But unfortunately, after that, no sales guys seem to have like any recollection of what happened. And this is really where, you know, because they're deployed square X, it was very easy for them to go through this entire attack graph and we literally show you a live video of how the whole attack happened because we can reconstruct that.
So, uh, so this is a little bit of like a teaser. Is if you wanted to look at this specific use case and a lot of these, you know, which have been obscured so far from the enterprise teams visibility, uh, come down, you know, we'll show you some really amazing things which will blow your mind.
Sean Martin: Good, great example.
So we're gonna, we're gonna uncover more of those. Scenarios and use cases. And, uh, I think I also want to get into, I love [00:18:00] having this conversation as well. Security programs are broad. And I want to understand how Square X fits into the bigger picture. From a, from a deployment and management and monitoring and reporting and response.
So we're going to get into all that when we talk next time as well. And, um, yeah, so, That's on Wednesday. You're gonna be there all week at RSA conference. Um, I don't think we should, uh, give any more secrets away, Marco.
Marco Ciappelli: No, no, no, no, we're done. I think people at this point are going to be very intrigued by this conversation and I think there is a lot of question mark that people can try to get an answer and that's going to happen by listening to our next conversation and coming to the booth and visit you and in your team.
So I'm going to invite everybody to do so. So in the notes of this podcast [00:19:00] on YouTube, if you're watching the video, you're going to be the link to the landing page for Square X, where they can already, you know, get informed, so they'll have a specific list of questions when they meet with you, when they come prepared, and we're going to keep going with other coverage, other conversation before the event, and of course, during the event, I know I looked at our agenda, it's pretty busy, so get ready for a lot of content.
Sean Martin: Exactly. Exactly. And then the one thing I'll point out, uh, as, as we close here is that I can have a hundred conversations and it's the one that you have listener has with Vivek. That's really going to matter because every company is different. Um, hopefully this gives you a sneak peek. Our next conversation, we'll get into more general operations.
We'll kind of give you a broader view. And then it's really about connecting with Vivek and having your own conversation as well. So Vivek, thanks for, uh, Thanks for sharing the story with us. We look forward [00:20:00] to seeing you in San Francisco, safe journey for you and the team and, uh, appreciate you being on ITSP magazine.
Vivek Ramachandran: Yeah. Thanks so much, John Marco for taking the time, you know, me and the team, we really appreciate it. And yeah, super excited to be on the live show, you know, face to face, uh, literally 10 days from now.
Sean Martin: I know. And, uh, thank
Vivek Ramachandran: you so much. Thank you.
Sean Martin: All right. Thanks everybody. Stay tuned. We'll see you in, uh, in San Francisco.